Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for nine consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

As Senior Director, Security Architecture and Strategy, the candidate will have end-to-end responsibility for First American’s security architecture reporting to the SVP, Security Technology Officer. To achieve this, the candidate will lead a global team of security architects responsible for evaluating and recommending security solutions in alignment to our cyber strategy including cloud, data, identity and technology blueprints. The cyber security solutions architected by this team will ensure the security of the global network and therefore, this candidate must be a senior technology leader with proven experience architecting secure by design solutions.

We are looking for an innovative and proactive leader of Security Architecture to lead the strategic planning, implementation, and ongoing enhancement of First American’s security framework. This pivotal role requires a blend of strong technical proficiency and effective business leadership. The ideal candidate will develop and articulate a robust security strategy encompassing network, application, identity, data and cloud environments, ensuring proactive management of cyber risks.

This role will be hybrid with two days per week onsite in Santa Ana, CA.
 

What Youll Do

• Collaborate closely with IT infrastructure, application development, DevSecOps, and business teams to embed security principles throughout technology development and deployment phases.
• Work with Cybersecurity and other technology teams to enhance security controls and capabilities.
• Maintain expertise in security regulations and frameworks (e.g., NIST, ISO 27001, PCI DSS) to design systems and processes that protect data and demonstrate adherence to industry standards.
• Formulate and communicate a comprehensive security architecture strategy to safeguard First American’ information and data assets, focusing on confidentiality, integrity, and availability.
• Continuously monitor emerging threats and industry standards to evolve our security posture.
• Define, document, and promote security architecture and technical standards across First American.
• Lead the design and implementation of comprehensive security strategies for networks, applications, identity, data and cloud environments, effectively countering existing and emerging threats.
• Lead a team of Cybersecurity Architects providing cyber technical leadership across cybersecurity domains.
• Direct hands-on design reviews and implementation assessments of security solutions across network, application, identity, data and cloud domains.
• Assess security risks in existing and planned systems, establishing technical security standards and governance processes.
• Recommend design patterns and security best practices for technology implementations.
• Support the development of reference architectures and associated reusable work products and assessment assets including detailed designs that provide deployable building blocks.
• Research, evaluate, and recommend state-of-the-art security technologies and tools.
• Oversee proof-of-concept initiatives and guide vendor selection processes.
• Other duties as assigned.

WHAT YOU’LL BRING

• BA/BS degree in Computer Information Systems, Computer Science or equivalent experience is required. Training courses, seminars, certifications, or other security related education experience preferred.
• Minimum of 10+ years of progressive experience in cybersecurity, with at least 5+ years in a security architecture lead
• 5+ years of management experience in a similar technical and business environment
• CISSP (Certified Information Systems Security Certified Professional), SSCP (Systems Security Certified Practitioner), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Management), CCNA, CCNP, MSCE preferred
• Deep understanding of defense-in-depth strategies, zero-trust models, identity and access management (IAM), threat modeling, vulnerability assessment techniques, and secure coding practices.
• Excellent knowledge of firewalls, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, network access control (NAC), DMZ design, and DDoS mitigation.
• Demonstrated experience with web application firewalls (WAFs), secure software development lifecycles (SDLCs), static/dynamic application security testing (SAST/DAST), API security, and secure coding techniques.
• Proficient in cloud security models (IaaS, PaaS, SaaS), cloud-native security tools, encryption and key management, privileged access management (PAM), security posture and compliance within cloud environments.
• Demonstrated knowledge of NIST Cybersecurity Framework, ISO 27001/27002, PCI DSS (if handling payment card data), and other relevant industry guidelines.
• The ability to take concepts from frameworks and benchmarks and apply them practically to the design of security solutions. This includes mapping controls, risk assessment techniques, and documentation in alignment with standards.
• Strong ability to lead, motivate, and develop a team of security professionals. Foster a collaborative and results-oriented environment.
• Capacity to align security objectives with Sony broader business and Cybersecurity goals, effectively quantifying risks and prioritizing initiatives for optimal impact.
• Excellent written and verbal communication skills. The ability to translate technical concepts for non-technical audiences and secure buy-in at the executive level.
• Analytical mindset with demonstrated adeptness in solving complex security challenges.
• Ability to thrive in a dynamic, fast-paced environment where technologies and threat landscapes rapidly evolve.

Pay Range: $192,400- $256,500 Annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.